CVE-2020-9076

EUVD-2020-29905
HUAWEI P30;HUAWEI P30 Pro;Tony-AL00B smartphones with versions earlier than 10.1.0.135(C00E135R2P11); versions earlier than 10.1.0.135(C00E135R2P8), versions earlier than 10.1.0.135 have an improper authentication vulnerability. Due to the identity of the message sender not being properly verified, an attacker can exploit this vulnerability through man-in-the-middle attack to induce user to access malicious URL.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 27%
Affected Products (NVD)
VendorProductVersion
huaweip30_firmware
𝑥
< 10.1.0.135\(c00e135r2p11\)
huaweip30_pro_firmware
𝑥
< 10.1.0.135\(c00e135r2p8\)
huaweip30_pro_firmware
𝑥
< 10.1.0.135\(c01e135r2p8\)
huaweitony-al00b_firmware
𝑥
< 10.1.0.137\(c00e137r2p11\)
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-02-phone-en
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-02-phone-en